Overview
Lead the enterprise-wide technology risk governance framework, ensuring alignment with regulatory expectations, internal policies, and strategic objectives. Key focus areas include strategic oversight of governance forums, risk intelligence and metrics reporting, board-level engagement, policy and standards management, regulatory alignment (including DORA), and fostering a strong risk culture.
Role
Drive the development and execution of technology risk governance structures, embedding the three lines of defence model to ensure clear accountability.
Design, validate, and maintain Risk Appetite Metrics and Key Risk Indicators (KRIs) across
strategic control domains, overseeing lifecycle management and quarterly reporting to the TRC and Board.
Manage end-to-end board reporting, collaborating with ERM (2LOD) to ensure robust check-and-challenge processes and timely escalation of risk breaches.
Oversee global policy and standards integration, ensuring continuous improvement and alignment with operational resilience, information security, and issue management procedures.
Ensure regulatory compliance with global and entity-level standards, including DORA, integrating ICT risk management, incident reporting, resilience testing, and third-party oversight into enterprise practices.
Engage and educate stakeholders to foster a consistent risk culture, facilitating structured decision-making through well-defined committees and agendas.
All About You / Experience
You bring extensive experience in technology risk management, governance, and regulatory compliance, with a track record of embedding enterprise-wide risk frameworks. You have led complex risk reporting initiatives, guided board-level discussions, and driven adoption of risk metrics and standards across multiple entities. Your expertise extends to regulatory alignment (e.g., DORA), policy management, and cultivating a strong risk culture through stakeholder engagement, education, and structured governance practices.
